1da8cb4d0f4df4cc1dff103c53d620897927326a7f91b2ad84baedd1f564c6ba

Analysis

max time kernel
131s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 16:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

passfab-for-excel.exe
Size

29.8MB
MD5

68995620bc86cf373d3f4747f1627f8b
SHA1

ddbf743a66ad64650c57ebd5fa7eb2c0ed3f439e
SHA256

1da8cb4d0f4df4cc1dff103c53d620897927326a7f91b2ad84baedd1f564c6ba
SHA512

9c5af025f898e1fdf61cc68989ce173d5d324b72cd79477638b53c5807552feacc4397a629fe97b7b227a287ed8b7b0dba010925a70110fa9e769a1336caa33a
SSDEEP

786432:dkX02BYuGGAA1uendMbXrMPhhXRw/JVQmjFo69gEh4c:SXNBpJ1uedsrAhVRwR+mX9gSn

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

30 ip-api.com
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

flow	ioc
30	ip-api.com

Drops file in Program Files directory 64 IoCs

Processes:

passfab-for-excel.tmp

description	ioc	process
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-PIT2T.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\is-CISO3.tmp	passfab-for-excel.tmp
File opened for modification	C:\Program Files (x86)\PassFab for Excel\runtime\api-ms-win-crt-heap-l1-1-0.dll	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-JS7PF.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-HNMBJ.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-1LNTL.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\jtr\is-VPS8K.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\is-93M5F.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-7HBIE.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-523P5.tmp	passfab-for-excel.tmp
File opened for modification	C:\Program Files (x86)\PassFab for Excel\jtr\zlib1.dll	passfab-for-excel.tmp
File opened for modification	C:\Program Files (x86)\PassFab for Excel\runtime\ucrtbase.dll	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-6VIN9.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-BCNN6.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-KHEMI.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-JQE7O.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-NE6VR.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-7P1SM.tmp	passfab-for-excel.tmp
File opened for modification	C:\Program Files (x86)\PassFab for Excel\jtr\libeay32.dll	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\is-OEGNS.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\charsets\DES_special\multiple_nodes\is-TKC61.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-JHD0M.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-K7HA1.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\jtr\is-6ME6N.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-458OG.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-951IH.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-RS3TA.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-EBP5R.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-QH9B0.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-VV3K2.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-3QH0E.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-61VE5.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\jtr\is-3UA8C.tmp	passfab-for-excel.tmp
File opened for modification	C:\Program Files (x86)\PassFab for Excel\api-ms-win-core-processthreads-l1-1-1.dll	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\is-LP25M.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-094VI.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\rules\is-44RO5.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\is-E3TKQ.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-U7UAK.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-ELAU4.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-RC1CG.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-3G52L.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-4PQOG.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-6N0IK.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-5Q1LM.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\image\is-T3BAP.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-F42CQ.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-NU1EB.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-Q7OVM.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-2687T.tmp	passfab-for-excel.tmp
File opened for modification	C:\Program Files (x86)\PassFab for Excel\api-ms-win-crt-time-l1-1-0.dll	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-4675T.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-DUG4K.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-BI70A.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\rules\hybrid\is-6VN38.tmp	passfab-for-excel.tmp
File opened for modification	C:\Program Files (x86)\PassFab for Excel\runtime\api-ms-win-crt-environment-l1-1-0.dll	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-JQFCC.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-UCIIV.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\charsets\standard\Lithuanian\is-DA98D.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-P763D.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-UGJES.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-77PTE.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-I9A4J.tmp	passfab-for-excel.tmp
File created	C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-88NKU.tmp	passfab-for-excel.tmp

Executes dropped EXE 2 IoCs

Processes:

passfab-for-excel.tmpPassFab for Excel.exe

pid process

2148 passfab-for-excel.tmp
5092 PassFab for Excel.exe

Loads dropped DLL 15 IoCs

Processes:

passfab-for-excel.tmpPassFab for Excel.exe

pid	process
2148	passfab-for-excel.tmp
5092	PassFab for Excel.exe
5092	PassFab for Excel.exe
5092	PassFab for Excel.exe
5092	PassFab for Excel.exe
5092	PassFab for Excel.exe
5092	PassFab for Excel.exe
5092	PassFab for Excel.exe
5092	PassFab for Excel.exe
5092	PassFab for Excel.exe
5092	PassFab for Excel.exe
5092	PassFab for Excel.exe
5092	PassFab for Excel.exe
5092	PassFab for Excel.exe
5092	PassFab for Excel.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 33 IoCs

Processes:

PassFab for Excel.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	PassFab for Excel.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	PassFab for Excel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	PassFab for Excel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	PassFab for Excel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	PassFab for Excel.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	PassFab for Excel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	PassFab for Excel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	PassFab for Excel.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	PassFab for Excel.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	PassFab for Excel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	PassFab for Excel.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings	PassFab for Excel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	PassFab for Excel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	PassFab for Excel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	PassFab for Excel.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	PassFab for Excel.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	PassFab for Excel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	PassFab for Excel.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	PassFab for Excel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	PassFab for Excel.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	PassFab for Excel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	PassFab for Excel.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	PassFab for Excel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	PassFab for Excel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	PassFab for Excel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	PassFab for Excel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	PassFab for Excel.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	PassFab for Excel.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	PassFab for Excel.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	PassFab for Excel.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	PassFab for Excel.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	PassFab for Excel.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	PassFab for Excel.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

passfab-for-excel.tmpmsedge.exePassFab for Excel.exemsedge.exe

pid	process
2148	passfab-for-excel.tmp
2148	passfab-for-excel.tmp
4304	msedge.exe
4304	msedge.exe
5092	PassFab for Excel.exe
5092	PassFab for Excel.exe
4948	msedge.exe
4948	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

PassFab for Excel.exe

pid process

5092 PassFab for Excel.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

msedge.exe

pid process

4948 msedge.exe
4948 msedge.exe
4948 msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

passfab-for-excel.tmpmsedge.exe

pid	process
2148	passfab-for-excel.tmp
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

PassFab for Excel.exe

pid	process
5092	PassFab for Excel.exe
5092	PassFab for Excel.exe
5092	PassFab for Excel.exe
5092	PassFab for Excel.exe
5092	PassFab for Excel.exe
5092	PassFab for Excel.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

passfab-for-excel.exepassfab-for-excel.tmpPassFab for Excel.exemsedge.exe

description	pid	process	target process
PID 4532 wrote to memory of 2148	4532	passfab-for-excel.exe	passfab-for-excel.tmp
PID 4532 wrote to memory of 2148	4532	passfab-for-excel.exe	passfab-for-excel.tmp
PID 4532 wrote to memory of 2148	4532	passfab-for-excel.exe	passfab-for-excel.tmp
PID 2148 wrote to memory of 5092	2148	passfab-for-excel.tmp	PassFab for Excel.exe
PID 2148 wrote to memory of 5092	2148	passfab-for-excel.tmp	PassFab for Excel.exe
PID 2148 wrote to memory of 5092	2148	passfab-for-excel.tmp	PassFab for Excel.exe
PID 5092 wrote to memory of 4948	5092	PassFab for Excel.exe	msedge.exe
PID 5092 wrote to memory of 4948	5092	PassFab for Excel.exe	msedge.exe
PID 4948 wrote to memory of 4284	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 4284	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 692	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 4304	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 4304	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 312	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 312	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 312	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 312	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 312	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 312	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 312	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 312	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 312	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 312	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 312	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 312	4948	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\passfab-for-excel.exe
"C:\Users\Admin\AppData\Local\Temp\passfab-for-excel.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4532

C:\Users\Admin\AppData\Local\Temp\is-3NQT9.tmp\passfab-for-excel.tmp
"C:\Users\Admin\AppData\Local\Temp\is-3NQT9.tmp\passfab-for-excel.tmp" /SL5="$901C0,30644949,255488,C:\Users\Admin\AppData\Local\Temp\passfab-for-excel.exe"
2⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2148

C:\Program Files (x86)\PassFab for Excel\PassFab for Excel.exe
"C:\Program Files (x86)\PassFab for Excel\PassFab for Excel.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cbs.passfab.com/go?pid=2111&a=i&v=8.5.13
4⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0xfc,0x108,0x100,0x10c,0x7ffe74d746f8,0x7ffe74d74708,0x7ffe74d74718
5⤵
PID:4284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,6049189203583990099,16023717733790381298,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
5⤵
PID:692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,6049189203583990099,16023717733790381298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:4304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,6049189203583990099,16023717733790381298,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
5⤵
PID:312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6049189203583990099,16023717733790381298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
5⤵
PID:1484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6049189203583990099,16023717733790381298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
5⤵
PID:2252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,6049189203583990099,16023717733790381298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
5⤵
PID:3944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\PassFab for Excel\AgentSupport.dll

Filesize
274KB

MD5
e1381bbfb19202f14d42248e9cd8310e

SHA1
8359faa52818d8ac4be3c571171e2f25f5b2d4be

SHA256
5ba9335a99cac291be94cca284183ab7801a666c4eb0e29aeeb9754fc1849481

SHA512
e2b2c884ccf8c1493347067977687282d6f846a87dfa91a804aabb6c53e5189a5bfa0867786078dcb4057ee9284970119f235182da7a25767e95395733243c70

Download Submit
C:\Program Files (x86)\PassFab for Excel\AntiCrack.dat

Filesize
236B

MD5
5ce55cd7d25a9f9330f15e5c49cbf180

SHA1
514939e565e7276b54071ee3c84db75c9729f404

SHA256
2efc06c7508ca9fea5402b1ad39ff59001c8e36bf867a92a0754cb06339b9ddf

SHA512
04b808c1a7bd87a96685cd115386c63f431392944eeadd24b47bcf2ab98d6ed443f05ee5a2d359bd07f02836dd806780cded1bff043aef904326bf2372684f0e

Download Submit
C:\Program Files (x86)\PassFab for Excel\BugSplat.dll

Filesize
313KB

MD5
98f7689045b7e7e6d3a8ab57aada75ce

SHA1
176bf2d5fdc363657672fa16a7ed2d1c4c6727b6

SHA256
3da9df6720f9b69bb31e02ab8218530497dfc7e132ec80e1bbf887f28faf079f

SHA512
85432827c8397f06f40e2755b06a5ed981b3efcbea0e5457c6fc5a8a1eaaf3497859bd1c0a87f959df56baaaf88b0ba7b3ea42a96b7bddaa67001fd6ecfe356b

Download Submit
C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-4OHAD.tmp

Filesize
18KB

MD5
6a8141be57b685783a23efa6ed88fca2

SHA1
89bded479c114df801c4f414cb9d2206e2111c94

SHA256
ff79d2f1e947d36706dee04b6f6f31564a6f974778eb6e87410d8a5981313b9f

SHA512
aca0c6b6a29ff9d2e2307719e2ea60d82d083001e297dd1d52051afc20e36852881717f2fd01208343ccb78f880bb769bb2317bfdc985d4165af9e441ab41355

Download Submit
C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-BD2I3.tmp

Filesize
22KB

MD5
0e715505b2ce426d7971b988ef6179be

SHA1
b7f1e1a7f793cbbcc075ab8357019351ae5bbf2b

SHA256
d766b4675ffb17a1cd0a16aeaf0cd1248438590bd7520cbfe97283a308e78dc5

SHA512
043ca32e9e43049c0a8471589b2b6507724cf18e2eb9db8874c042a491b503eba30e37e529dd2c5b37cad674086d508f662fbae5b078b1c851022f1b1165ca2c

Download Submit
C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-ET1DQ.tmp

Filesize
26KB

MD5
2bdfb759da4f30e9e471ad3448ecab42

SHA1
48113e7b895d13cf3ab7bfdf539271b5fe36f7aa

SHA256
75a3c64197f533ee217993612080d27fe8ac2e676476be0b2322498c844eea23

SHA512
de0ba9f136d09a33be97e63ef277864ef498b597de393d8b0a2369eafda6a788cef6d119e048b14aa118d75c0d27cb5066b44c784d477968edd47c6a8998d2fc

Download Submit
C:\Program Files (x86)\PassFab for Excel\Hct\OpenCL\is-GMHK7.tmp

Filesize
2KB

MD5
3479678f6aedfcad55acd51bc6cbabcb

SHA1
7e4b02bd68731a13e6d96b8441d52fbd166e6d4b

SHA256
2bf61bcaf91500bc4adea428038a7f4e9a286443e65d68a35b27a8975736ff25

SHA512
af4417ca600e264277e8367e0e2f5ed410064e3007f94b124a0734ea88063c002c7ff9e46e6c64e354519257de8aed93a30f29efd76c00e48b352a2d7cca5312

Download Submit
C:\Program Files (x86)\PassFab for Excel\Hct\masks\is-GV5PG.tmp

Filesize
57KB

MD5
ca306e560fdb19cb07e552e62555bfb2

SHA1
c7a2ead23ab1cf836e9d71652b4a4eb0c1b3d2c6

SHA256
be0825f498ea230043ac501c8565227131fd69a3d8b5d7ec5040061d4ff741f2

SHA512
40915f97050cb94ba4a2b6c94c6e0b685d73f7237dd88c987f143a2aa9bcee0f408abaefe74e0763bcf9658862d4d3648aa6f86c84d464175d452c5024246de1

Download Submit
C:\Program Files (x86)\PassFab for Excel\Hct\rules\is-CRRVP.tmp

Filesize
52KB

MD5
739e4ad696713b0503fe94491f40ae7a

SHA1
65b3795c0bbc686bc990a1243bd4fd4760c32b14

SHA256
a048005b874517ff0d3ad2c5249dcfb4144db733cad689b5ff9f7a8718b84bd9

SHA512
89cbef3924e54992a7e7811a6eddc24121467eea73ca64af46be02cbd8411c38c9db27baa3a7a6e48147d88b87b1deb0f2766e6e2e8ffc525c785195670ddd0f

Download Submit
C:\Program Files (x86)\PassFab for Excel\PassFab for Excel.exe

Filesize
4.1MB

MD5
5b5393fe69cbc581ffe36708a1e579ee

SHA1
2dbebebda46c5429c94a9e7e4cfe8ad9997901bd

SHA256
1f0d66e46a1c157abd65293b8582b107dcbec81c1c0da0b3b6f86d9ee55333b4

SHA512
7e6fb52d9f91cb4ff89e57cc596fa23951985654ada5284e73ba1bcc5c9590a9d0ffd3fc5fd4d1ac36c8debb2ebfa545182bee1f9261a43098358cd334931740

Download Submit
C:\Program Files (x86)\PassFab for Excel\PasswordCrackerWrap.dll

Filesize
113KB

MD5
86dd71e48294ca0797442771ec73ef68

SHA1
2b2a9f04310c85cbd95383ead3f04230ad4e1a23

SHA256
a15f8e6bd3a85c39ddf6c36291c5a0336dd92af421e76c275a96ea25df633399

SHA512
e632e367b474238bd99339517250e9ed96cd4c8fdf0aed747d318bd29fcf9066b3103a96a8e7d7e6dae2491e6dec73ef9108fac10222b4b4eab3a5a988d26df1

Download Submit
C:\Program Files (x86)\PassFab for Excel\Register.dll

Filesize
357KB

MD5
eb51cd5beb335aac8209b83de7607874

SHA1
149f4751f9d76c26780d951ccb7939de1fea5d18

SHA256
62ed82e8c8701eed340b5f3d3431e386a6651d00ca537ffbda74f963da0918a4

SHA512
5cc6709054bdadb414e4e10694915d4cb9e7e9da06292d19122cbdb49424dd72605be7cd9aaecdc8bc1685ac6ca4757487d12680503e948a38407ede8bb62de0

Download Submit
C:\Program Files (x86)\PassFab for Excel\SecurityLaunch.dll

Filesize
178KB

MD5
69532022af8cd0a5f59d283f64ea02a6

SHA1
30ad1551c43b70d938785573065fc604d589cedc

SHA256
b1f0570ec8d5238e530b6425b6165d1c0c4fc55f0b17ed6fa10c2addac63d353

SHA512
be1de7a5dbf4965058bc540b8f80724d909907056b9785a80d80b784c2c0cb9ed9babe42200ef7cab7b437ab59eec08cbd48bc210ba330d0f23f529dd185bd73

Download Submit
C:\Program Files (x86)\PassFab for Excel\SendLog.dll

Filesize
135KB

MD5
b41232d9afd4de840fcc9b3754ebff71

SHA1
83393df0a6cbb367e35d30e1e4fde781b4fdb8d4

SHA256
c4152b5afa31780fa95151be32da763179ac3e497fdebae5cbe25596ed549688

SHA512
9cca7bcb84a2b752dac1284d1ba3a7534fac15bb9943d217ee1f3c110881595c0c9e780376231e1b537b76509e32ef4985bb6d463f825520cda47a1b09a0576b

Download Submit
C:\Program Files (x86)\PassFab for Excel\SoftwareLog.dll

Filesize
323KB

MD5
8e1c67710af6fb66f1d12cbe80e603f7

SHA1
dcd96174a14e6aa3bfe3047e24a05d8562ec3746

SHA256
8488365aa4576a40cc33418d7bc8849391f2480c13f9441c0d45b55f4b9d2c16

SHA512
5b5c975fbce9c7b54b4ce087e6529f8e16a497a9f6621b2a0c8a3953f311e1f4cc06e491a2a2eb0c911e139215625b2696864620cdbae2e73ee5e3cba06ae6d0

Download Submit
C:\Program Files (x86)\PassFab for Excel\TSConfig.json

Filesize
907B

MD5
6754831fe3585f83cdab67d5e7f6b47c

SHA1
e116a627f3e7f8fa8dfac2f9ade3b62f209f485b

SHA256
9fbda2470de35e8bf9e1513c6bc2a0e809cc7f982ec16c2ea7684b7fc59edd10

SHA512
7cb420dd18a6a00e3fe8217d54e0567b9b587dc90c2039f39913d8abf5357aaef2fb7166bba69d08e34bbbfeab6496b7e7dbd3c037b28e30ad80c799aa6874d7

Download Submit
C:\Program Files (x86)\PassFab for Excel\WordProtection.dll

Filesize
409KB

MD5
0ec6a546fbd1ee9eb4021023f24df23b

SHA1
865ff295836f2ab72e00d5c3dec67671cf2c6a5c

SHA256
1248b4978702d760aa6800a6404eab40dbe7ac717f489a02a109a5c7fa2153ec

SHA512
7b1be729ddaa67e41ad173711c9defab8f484ae9fd65e9c4b0e1af34a0607f228d23f4079d725bff7ee1742fe055cb9973b5b9dbfa02280581e46d975a5e5a9c

Download Submit
C:\Program Files (x86)\PassFab for Excel\cloud

Filesize
252B

MD5
2f0c80477d3003b56c83973d19334f9b

SHA1
e5353d068589942dc3e7dc1bb58f5af9752b5d0a

SHA256
138bba89b1021d68020c991b37eeedba35c1be3058ff48f08b8765b02a70c1a6

SHA512
7de54bafbc70016e196022b5e5a9448e9cd7db2b4371d3efe25c8a8350ae409dcff7cff40f23753467e427e86a08cc6ff0d72e255002c64d387671fe3a72f20e

Download Submit
C:\Program Files (x86)\PassFab for Excel\db\siteInfo.dat

Filesize
240KB

MD5
842d7c3c76ba09a693cc34576b432ad0

SHA1
64cbb85a51da8301279e947cb085681f6f656eef

SHA256
1b9c0a4c08524071f639859acb81c346682d94aac791af6c5a026e6fe3feac71

SHA512
0b9fe484a26ec7051011a4de3c992c696ef1e641297f5efb0878349b3f9e267364b97c3e12b777cb3be994fbb86b3f3ea52a2d244bac5d67badbe3714825d1de

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\background.png

Filesize
4KB

MD5
8c6da7d014b0995a649b09928ebdb58e

SHA1
8aeb9dd8434b0196806361b9246c6aa061de655d

SHA256
e8b55dd3b5927990a25430341233c9e7014ee4b1cceddd8046fedc01e2bcd76b

SHA512
67a884eecb75ddcbca6aead42dfbdb6916bae96d4840f19cc634bd723074f233d9cb4bd809849954f5d92cbd880d1c632cd98bccb01f094c522f51d5bf857be8

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\bg_Message.png

Filesize
2KB

MD5
6130f45b691c36678e9b95f6dd281bfd

SHA1
c6fe527f5b8ab675720914ad019897c0a2756d7f

SHA256
e940f8c5dbd51a6c1b27900cbf377073b582a12ade67bbfae152aacaec9b7b7d

SHA512
a06a0a66a917023cc1042b6dfa12e14f35d8c46baa399aab2f089cb856ee4b62558ac601a4c8c37bd213084196b7693d66c1a578669ab299bb087a8aac3b5e33

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\bg_Registration.png

Filesize
3KB

MD5
a28b962401942d9260d65c8515697513

SHA1
0d5df72fad897c29339ff881dafab0fea6be9991

SHA256
460aa8cbe2d61c51ee6276ad6e73d7c68c2d5692209f431ba7fa956151d52b62

SHA512
859de68842392e4c5f50aac789e0b3fea30d97b76c228314639b0268bcfbf696b72706f888f7fcc1edd92e09e4b1702222ee334ae3a47e83acab8042ec6a24c4

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\btn_DownloadDictionary.png

Filesize
1KB

MD5
9232c4eb22db9023662a9b5337f42a8d

SHA1
d2bacede82f5a547880588f33561b73bc0f9164f

SHA256
85096d5acd7e2c4ae77de2e02e192d271e3edfd90d86447666eeaf10eb50c7d5

SHA512
21b352e803612274ed30c132eac9629a440fdf1da26c01e0e59dbaa4232892d9819082dc89ff9ed5ab1a6a17da5291e54c79ab7f105b24fede57c24eb440f7ba

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\btn_Settings.png

Filesize
1KB

MD5
a679e70027e55cfe6e852230a9afe164

SHA1
af0e485943dd94fa4fda144ba88d7c6bd42e86c4

SHA256
0eb7fb54d7e7218e61049d72465791bd711bcd4b0dacefb4520890f367c88a25

SHA512
17e20c77cb6e9d705638415e71959e2686deeb39658481d5159f93e6d6424234518e0d88b0f2b8cad9a787b448558add2e2b65524bd626a27c395d57ac82deef

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\button_Add.png

Filesize
2KB

MD5
f60caa6d819d201e111941d327962aa3

SHA1
269aabb252b88a139761c9585c37a0f084fac282

SHA256
17bd53ec889e1f040574213b6bdef7624cf4d562ff799d8043af4c112cfd16ff

SHA512
07995fa391854afc6bce8d99a379decac8c50140e7305e4c974bf5a50bd24e2baee09bec765080bf73c76ab048ea92f78656aa96332d10d0683ddf3e10df0898

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\button_BuyNow.png

Filesize
1KB

MD5
9f09128f5234b474bf910fe833fa1e47

SHA1
0dcaaba7f4e4220e01d8b88402bef2ff1be667fc

SHA256
c51668a454fcf97094946eec76a04c4a0ebe10606e75f74c2d117ef3834899a1

SHA512
a57b8c080023989c144fc24c393419f8ce7990de50d9bf352a804508da2ab7262a05ab227ce2d790f345f63af735f38e2794f861343d49bc6ac882e649d7f21c

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\button_Close.png

Filesize
866B

MD5
13740334ac1662f87cd4260ce212f090

SHA1
2263ec3e521c0b8c954895f30f65d942f42fdcf5

SHA256
4346fb0c6c067d94c13f4b43a4d56c95dc27047469695898494c9661f59bc442

SHA512
6fcd8a8896d348d5d719f10aeee9531e92d1ba7284b1522e2dce7cdc19ae30f0be0ab7135d8b0a999dc54c333a4221cf7d3e303f12f7462e25dc95781d959508

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\button_Menu.png

Filesize
270B

MD5
ce2e3c5b535e05892809e1c7cc5ba88e

SHA1
90e98ea84883d1a0c0d0b3a40da30a3f54d2bba2

SHA256
cfbb6e53eb2fc413f4c413379f5d39eb80ffefbbaffcab23b37f9644efe5d371

SHA512
d739f9a75a7a06e1c7f67b81d5c0f54e5dfd1f44259c6c05cb7fcea915fd054bbad62a69b172200f2fe9e61af2275b796ef7f0221ed69d7edd5e884b644afd94

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\button_Min.png

Filesize
262B

MD5
da83d06930d3e33f0a694ae333d777a1

SHA1
7f9a09631a977860e547c21042bf185d3d725709

SHA256
f4c63f017d401cb8206462c9052668e089af9528a979981603eeb9d0b4145936

SHA512
74b5ce2572b199a161340c085bc7be27aa39a52ace639f4ec28ad5a332737cf100bb7d3ed0cd936f331a37efc9243312cad18e904d146a356e1bfffc0461b710

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\button_Msg_Major.png

Filesize
2KB

MD5
eaa94e054d9e06dff9cdda06fd4da2da

SHA1
086fe715919e3aa4bd9213746759b9a6117b1a20

SHA256
2ce27abc71ccaaad52fe97c61264e54fa8f711af7e9f25ae1dd153ff656c584b

SHA512
7d71cb9a8172aaa1d6be9c2928a97123b0a049b6cef8684e433e59c94e4bdf1237c40913b837573c3c81c2f86a540e15db8b25af436c8c3d01fc93646da7c8fd

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\button_Msg_Minor.png

Filesize
575B

MD5
96cc12e3a048a950e7088235049abe1e

SHA1
71ce0b550ece5fdb640620081aa390ac41f904f1

SHA256
dec7aa84557f092fd9e393fa1266496afa99bd16fd1884cebdeb85f3370eef5d

SHA512
fe8985d15262eba1f2aa9866abb2acaf0c89847a2f4511898750d9335fe59d01ff754ef899d4948ea8b59b1676c477df1ed2abb297e0d63b6756c4174aa19406

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\button_Register.png

Filesize
1KB

MD5
7e157d5cb63ff05cb7197cc78272faf0

SHA1
cd4710a85c8896ac02d9b182a9ab968fcc4282ab

SHA256
9a56a1d33ff297c00fb865eeef285fb55eafe28596eb256e49b9820b35f10897

SHA512
6650f1d1b5a65d3198de415876fea07eb60bfd1cebb14e31e7d5bc4b71b7768da92e65537dda621e5d2dca66c1a5a7af4e051d576cf30c706a71f067865054dc

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\button_Settings.png

Filesize
363B

MD5
22a4de757048a15cf3cf0e4e7d813bd8

SHA1
a81764f06e3e4797d2c3838226b17eeb71a93158

SHA256
f4c7a9a75b10e403aaebd962f414f4916edacbceafb7db0cca48fcde82a3e6a5

SHA512
34692b54e4556f65f7436a9a5da8747f22a776cded19cffb5d9cb17d705005515b5cb3a851c20a3da14db64810e40926575833a8f32a410610820fe925a2e6bd

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\button_Start.png

Filesize
2KB

MD5
9796c6c528ca2975bcf4850b2e495e79

SHA1
83eb1d59ced4edfb4c34fd692aa516188a6e2c88

SHA256
5f1cef62a68f8850c3bba3020389cdb6f260bd04a1c87b9953c7ad129bb9dc52

SHA512
715b0235ce77785b2a047805b186cd9140d9ff2410ce3332e306d39cc3aba033574b5cf20c1a25da506562e322b43dd66746910fa033136b7961640797d4415c

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\button_Stop.png

Filesize
1KB

MD5
c99a053ea8d1ca964cc379282d821939

SHA1
28ad37f2681eef9729fdf20fc282ca568a40afc1

SHA256
261ce2cb4a93222938422ecb775f08c00be2757b218fc62f3f1496f302b598ae

SHA512
1b9cfc26fe0ae3abaa350b1990915c052c47496b56baa746c41a84433f4826720c9ae65bc4427b0262b64cfa95ac6941963a647d284cb45023e65872253755a1

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\button_goback.png

Filesize
3KB

MD5
4ea1c23940dae3cf2c0dd52d04374672

SHA1
a1260929f3b3e0a1c73c34f17c04d0b00a98a88d

SHA256
9ecb4c72cf7bb216895cb05e3cc91e086567affad7f90c52eb4c8bc07f3453e2

SHA512
c78ce9c481f7039bbfc027f5b506b996eeaced943f404e0090ad8d7bf007d2d9432990b347522fdfbfe76d2ffa3149ed1580759531fdfb2dd23114c2bab19e8a

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\downloadIco.gif

Filesize
4KB

MD5
b0d166a6453087a6af3667890bb36d29

SHA1
e7e16f174103728b317dacb61ee8d4ed5573da80

SHA256
8afc2050af877e574e98d15c629a3da5c4d0967a1d3093714bbe16cf661ffd22

SHA512
93726b438b325f2fbe1f28d6e1a453999328a3544b55ad8a521c6bc30fecc58ce5a1d2917cb99d93ade45919148b9a33f2ba2ec61d95bd4fe02e91225e2b3f25

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\lock.png

Filesize
647B

MD5
ed1280349bd01822f654a0b313e5f020

SHA1
6742da583c16299806122470ddcb3191a7b33fa1

SHA256
33d1914606ec59b715d5429b81ae4be2f30f61bca28670cc7f853c5852628a5c

SHA512
6965f9f254ded6338445e911259340e5b620ee7e4d5d48a6075693ebae88d8aebcf3bb4d8dce89d8e1c334e5fcd50b13ba41098b112eb3b87d7eabd01c024d19

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\logo.png

Filesize
1KB

MD5
3705633f079d1cc1def857f5c2cbf699

SHA1
91d310d267438ea9d7ea889d4334dc44d195504f

SHA256
edb7c9656d56eb438b7c5550b5f1436e5b6e372500b470490e45bf24ffa6257d

SHA512
dd75f01e94a94350768dc3834c135436af0b10df1803b15e1c1462fbc33905af23468f75d798d17ae3a139d9ea894ef56ee68a5ec4ba5f2f9e03a4c47d44f28a

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\recoverypassword_normal.png

Filesize
3KB

MD5
e43601cfab9ffec5547d23123dc87b01

SHA1
0e1434b894b0b8642f7f53db9ef0846c55e15105

SHA256
9d4f4e9833ffdec70640ae6737ccc9c8c3404ae35e42f688f2a2b2d55193d48d

SHA512
804164be24b7b7abe4eebcf6d33aa5d39538e7e8f2ee17c34174b3191fea561ddfcfb6dce2e814636f03732acac2cce5dad7f0cb2acce2dd3ff285e9b6096f60

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\recoverypassword_over.png

Filesize
2KB

MD5
1ef7cd04ac9f47d07f92e5ace71c403a

SHA1
06a3948693baece4ee7b23a93617446b0ab52714

SHA256
6964f75f27ad09f3b0efb6967f337a9e66e8fd66997c0596ad4d7dff1e0422d7

SHA512
0842f0da88b63a6f5db8620fa5e1a9a961bae8ba49a32cf26c59e05a1279bb9cb6899836583a040050b1451787b091513f748e54548dfdde9b2a3735d61a11a4

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\removeRestriction_normal.png

Filesize
3KB

MD5
e0ce1fa64d4db9ac38c6f7c420ed0ce7

SHA1
cfeb4adf771a80a4833a337c1cf10845f35df020

SHA256
787a2d8fb6a51de9fd0e662a213f87ee90fa821d3cca1dde2c6b284f6cb93e63

SHA512
1eff4613e07a023376b851b5ac9e8c7c0ad85436e4fc16c4a00775182afae570ef9c92c0e8e57d43b6e7ea610299abf80ecefef2d9faedf4410492d8597c9ff6

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\removeRestriction_over.png

Filesize
2KB

MD5
e8ba1bc0f9cf842f8f1f1d1b847aa190

SHA1
d73a8f8677f17a2b51c9b3daa20006ff6fd07d40

SHA256
2bdb52c55c7375e7b8b38943ae0c5573c5b9eeb0a4b3861813d14585883d9b5c

SHA512
f4b59565c60fce71102f69980813b6491a775c58cad63504821a2e714f63c9b778bac2b1a82483109223d93b546d3a04e456d518c7cb49285652e443dbe9815a

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\trake_Slider.png

Filesize
447B

MD5
3a4b9e77db90afa2ea76b728f4dcdf10

SHA1
05bc72f6f677f4beb7c21905bdb7926d732149df

SHA256
13a90b38387abe9701c226b24c9582d5debd382fb143f741875581806ab9d2b5

SHA512
fea9cd6dc5129ce0fa6dcec3e982f76a3e1504dc319599f92fe42e1dd50c3d4da062a29974a367c718fdb58025d3f0d37cc113520bc9de1b6043dfa3b01d3765

Download Submit
C:\Program Files (x86)\PassFab for Excel\image\trake_Slider1.png

Filesize
903B

MD5
d6bc8c9f0fa7d9892678e2899d33f156

SHA1
d5b573ff841a5bc0060e6104f5ab04304c4f5209

SHA256
60ff8cc1ed0bde4517b4db211740cb2adb09199b76ca1338a5ce08e21b8d7c47

SHA512
c157ea430289100ed51bb3ad8a1f523fdfc58c83ea159d38a4f81cfe158831a3872ca149228679d3d34d3ab77c173928e6253d881e0d2206ddc1fe8fd27fb550

Download Submit
C:\Program Files (x86)\PassFab for Excel\language\english\ResourceLib.txt

Filesize
11KB

MD5
752f455348f814c6f4ea754a2862bba4

SHA1
16963c3609ca8997e74a6c00cbe1115ac0fa8ff3

SHA256
5245983c313e2ae3afc2a875e298c088c7256497669701033ca43b5ae72c14c7

SHA512
6016d6d068ed3e6ac49b575d242b2347e9c1af72cf0fe644131970e77d0955a5b3828019ac2710e8000ca842bf1be945fc69200a9fb3751516d252d63fb06d4a

Download Submit
C:\Program Files (x86)\PassFab for Excel\language\language.xml

Filesize
2KB

MD5
fb8353ec27943e5333ec1fdabbd1c3e3

SHA1
d786f0e848afc584d1081965483bf6dacdab4dea

SHA256
78ae3b9c452d5dd498ca25a7b14bd4ef115c527edade10c6fe2bdc93cb4373e8

SHA512
b1ed4eecb36f2709c7b98b11e595cb1e337e806dbb7957242a5f213de71c255b0d2a7c15f7ab462fe45a2a8d513e44bc38c6b54910e760a69c91bbc2ca4c3614

Download Submit
C:\Program Files (x86)\PassFab for Excel\libcurl.dll

Filesize
1.4MB

MD5
db254f5df7ac86929bced1b4cd5d05e6

SHA1
6baebf65add7664f837643a2d24526c1452a1a81

SHA256
e2688cc701a5a75a60c5b4016ffccba7d32f93f65de4b2eeb1f4abf64b24f90f

SHA512
6598438392f15f9b28c675aae2a4dd93d7a73a1191949b6bf0c537387c3ea1e7dca6bf170a35f300bcb79b9db0dc1c07774d0d492e1a16f998bd16f16afef9b9

Download Submit
C:\Program Files (x86)\PassFab for Excel\msvcp140.dll

Filesize
450KB

MD5
a64b6502687c7c956de7545c12ebb6a1

SHA1
5505d14c314a9017c1df5917db7c256a5d28f245

SHA256
1f1d184393b62630ab5f0227487d170a7dfcd0ad3da2022089a3e46f41c7f510

SHA512
081ffe6b55c9c2c9024d0a897f8c8e1ec0974b497b13f33f06382f55e209963e9782a8e8796366f9b9bf4eba0980113b091693725f36137a22daedbc5050af33

Download Submit
C:\Program Files (x86)\PassFab for Excel\register.json

Filesize
1KB

MD5
4b8adf7e1a8a1a1d22bfc9ed8f3ade28

SHA1
234b25433fb896807239b8931f300f8f48e1d92a

SHA256
b93420c2360e36bdf5ae1c478a4d55b29ec400c930961996041374142bb81520

SHA512
426e000c39703f3e41f9a55797b3e02fc18fcfc9af3c622e4a9423f2688840025c79b9a7c42c5818772be5643bb6a207047bc5862b3398ff5023535a410e8d3f

Download Submit
C:\Program Files (x86)\PassFab for Excel\sqlite3.dll

Filesize
558KB

MD5
aaf764020864b366e22eaa5a40da5e54

SHA1
4e0697249ec3b7c2e9316814d875365751fd685e

SHA256
10c9f69eb74aed77d5b637d4768a5fd7a39cb2f0deaf07d0fbdd051ef2f6fc31

SHA512
076d50f4fc1748336f1285fac0550c697cbe79241afe0bc2b7c55a4729bc146b4b286ece2c03c9c7bf71549bd1d8d76805f59c743a66e2d66e96837a016eb7fe

Download Submit
C:\Program Files (x86)\PassFab for Excel\vcruntime140.dll

Filesize
89KB

MD5
48533deffec0d6dccaca2152d578d171

SHA1
777a3004fd4b2a875822d7d8599a717d84daa048

SHA256
8f37ceeddfa1d77a5d52c6456c2feff47f31578e381cec16d1ace06b1931817d

SHA512
0473af1c775ee2adcaf0cda7a79bd3cd23a865bd5bedb6b8314f018198e3ab105dd515cf8933123c9ac829d7fb6b0aa2f67634217d4aef6427be364d0ed434d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_FB287BEB63DB9E8D59A799779773B97C

Filesize
471B

MD5
c1d69b67ef6952a51f8c7c7607083486

SHA1
f18a03df0b7ae8c99b2c4074ffa679e68b2eb0e7

SHA256
117d998e3946c0770b48ac1a0e71fa02d0b384c9022708ede1b7f37bf56f6dd1

SHA512
6854bd3657b6f89d96188324a53b2a268a731840318b4cad37735d7c815a1843b922af0266b7192eabb6872e61f262545f4377605ca27ffe95f690a500d0dff5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_FB287BEB63DB9E8D59A799779773B97C

Filesize
420B

MD5
3e8125172081a76e822940a0753ac53c

SHA1
1347228b56a9a277b7803bd6758da76258deafbd

SHA256
664bc06554b1314dead273b7f826d9de97662dbb6a6aa815fad036e7db18d274

SHA512
20369bcdd0666c2ec588df06fab6fe57459c39eb271bdcb2cbcb889e6ce8251776f95da32b2ca5a3db95dc0060ef732d8951d5b5eb559d350403204fdc456633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5285372b-07d5-4506-ba8e-1f0e7b9c8102.tmp

Filesize
2KB

MD5
507adebec58e612b9ab23cf929799045

SHA1
08f5b230696fc5c76a3d259adacc727e8c22e861

SHA256
41408edcb3678f1669e90da6a4328944d0048f1aec44b186ec0dee98f61199a0

SHA512
f026c6fd9a6cade7d7c45189ffecfb58bd1f2d9ba7efdd3d67ed9bf26782a00271e713d3a53d918d2b819f7c762ad569c2068a65873f45c79a1462732cacf6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
05ebee981aba3ab96f42e4ce063e88ba

SHA1
72b494c9433d7aeb28cad2014d960a977378e2da

SHA256
c7480420602fcbf2dd0d087cfa24c2e7076cbefb2017aa27f2702f2d30335dac

SHA512
8e6a1ead1bf3e33a5b54cd7baa2789febead032fd0d294faadcccc093e3746e7ff687b843cba0e1bd85c67843998a2fd5985fad117efc805828a5e4e1e85fb45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
33658d8729d25c368561cf6925c7d6a9

SHA1
8920afafa20dc30573199b4376c2289c201bcaf2

SHA256
f96401e756f42c44fc115945821e38d4ed371836eb31505984bcb7101b53eb4f

SHA512
4b43e3bde4e21d4614211c7ed1e487e6bd2ac6b1bd69c50becb4a9d2db0e795e76f205e2572d3cfdec9514c5486085a0d4627726cf2d77f3a5bd4dc0ded0706d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bbd0525b-951c-4e1a-9d71-b5440eaa30e3.tmp

Filesize
5KB

MD5
4679340aaeb1326a495f980a2dac2600

SHA1
d6ce5907a38116fd13befb8e9528512dafce8335

SHA256
d741f1858462c70024792bb31330a4b726ff8250d8e10790e68f112365b2951e

SHA512
5bd8778df9941cb6cbf5cb73c106739b6807e8c923f7d2227ca352719a9a1ddf89cd549afec54bdb6a4d08d72c5f40991f753c7a0919ecc507a3b542e585dbd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
13c8a4058ce63ae6060a7952f65b485b

SHA1
b573806788643ef03c1b3c4476b6cf8e4136a548

SHA256
ec15c4fef4a5b48f869a0e1d3d5a1397ef689f8eaf428cff490d18712967bc1f

SHA512
57aa04d834d84a88f1f53932b9128734a5064ada07fe8b1c92261eff923342a863acef49c4955586632cb3691370475c603d7d90b932cda61d119dc7b33ea57f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3NQT9.tmp\passfab-for-excel.tmp

Filesize
1.3MB

MD5
13a1ee6075fda4e00f288377ccfc387f

SHA1
38214bd25afc57d31a757818ce6a9371a1488829

SHA256
1b40e13a04d1f70336e733fa450e0797bfa3a9e1df5ac040b3dda46b54a6efe9

SHA512
6bb410df6ea152dc0e12bba16ae27209384b31459c7fff1656b46629dead7efb92dbd587349552ac0324145962a7ad33a470284d698d53079b6691e3ec1a281c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4935F.tmp\SoftwareLog1.dll

Filesize
547KB

MD5
5f236bc79af30d9a703e76cf06458cec

SHA1
8e7e2cbd3f6d70d823fb83721e0e645cdc569694

SHA256
639892e93eee182eac88ce1be23df1a3c01130686c32d47f85728e6b332602d5

SHA512
a6e728ad342f6905ac9909b755c02354777471c516bc5b90528ece5da80fe24846e7fc5ada0c931a518a3be38128cf2e0ecd4c446aa7030da3f69ae7e271948d

Download Submit
memory/2148-14-0x0000000073DB0000-0x0000000073E6D000-memory.dmp

Filesize
756KB

Download
memory/2148-6-0x0000000000400000-0x000000000054D000-memory.dmp

Filesize
1.3MB

Download
memory/2148-13-0x0000000000400000-0x000000000054D000-memory.dmp

Filesize
1.3MB

Download
memory/2148-2214-0x0000000000400000-0x000000000054D000-memory.dmp

Filesize
1.3MB

Download
memory/2148-2279-0x0000000000400000-0x000000000054D000-memory.dmp

Filesize
1.3MB

Download
memory/4532-12-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/4532-0-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/4532-2281-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/4532-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/5092-2240-0x0000000001080000-0x00000000011EE000-memory.dmp

Filesize
1.4MB

Download